Changing How We Develop Ladybird
Ladybird browser will no longer accept public pull requests, closing all existing ones to tighten development for its alpha release.
Ladybird is shifting to maintainer-only code contributions, effective immediately. The project cites AI-generated patches as the core reason: substantial contributions once implied effort and good faith, but AI tools have made high-quality-looking code cheap to produce. For a browser consuming untrusted internet input, disguised vulnerabilities pose severe risk. The maintainers note they are responsible for all code once merged, and contributors must be people who decide changes belong in the project and answer for consequences. All open pull requests will be closed. The project will not create shadow contribution paths through issues, comments, or email. External involvement continues via bug reports, testing, standards discussion, and security reports. The source code remains publicly available under an open source license.
What HN community is saying
Commenters split between accepting the decision's security logic and viewing it as project death. The top-ranked concern is sustainability: Ladybird needs new maintainers eventually, but closed contribution blocks the traditional pathway of gaining trust through patches. Some note Linux kernel development operates similarly despite reviewer pressure; others counter that Linux has far more maintainers. A secondary thread highlights AI's specific impact: before AI, low-quality PRs were rare; now maintainers are flooded with slop generated by people who couldn't code without LLMs. One commenter suggests in-person vetting at conferences as a potential trust mechanism, though this excludes remote contributors.